From 55ef85adc01474f502cf195d8fb35e2655ccd20a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Wed, 26 Dec 2018 10:16:11 +0300
Subject: parser: clean() attribute values by default (except content)

---
 classes/feeditem/atom.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'classes/feeditem/atom.php')

diff --git a/classes/feeditem/atom.php b/classes/feeditem/atom.php
index 2bae0752c..a962b59f2 100755
--- a/classes/feeditem/atom.php
+++ b/classes/feeditem/atom.php
@@ -8,7 +8,7 @@ class FeedItem_Atom extends FeedItem_Common {
 		if ($id) {
 			return $id->nodeValue;
 		} else {
-			return $this->get_link();
+			return clean($this->get_link());
 		}
 	}
 
@@ -44,9 +44,9 @@ class FeedItem_Atom extends FeedItem_Common {
 				$base = $this->xpath->evaluate("string(ancestor-or-self::*[@xml:base][1]/@xml:base)", $link);
 
 				if ($base)
-					return rewrite_relative_url($base, trim($link->getAttribute("href")));
+					return rewrite_relative_url($base, clean(trim($link->getAttribute("href"))));
 				else
-					return trim($link->getAttribute("href"));
+					return clean(trim($link->getAttribute("href")));
 
 			}
 		}
@@ -56,7 +56,7 @@ class FeedItem_Atom extends FeedItem_Common {
 		$title = $this->elem->getElementsByTagName("title")->item(0);
 
 		if ($title) {
-			return trim($title->nodeValue);
+			return clean(trim($title->nodeValue));
 		}
 	}
 
@@ -113,7 +113,7 @@ class FeedItem_Atom extends FeedItem_Common {
 		$categories = $this->xpath->query("dc:subject", $this->elem);
 
 		foreach ($categories as $cat) {
-			array_push($cats, trim($cat->nodeValue));
+			array_push($cats, clean(trim($cat->nodeValue)));
 		}
 
 		return $cats;
@@ -129,9 +129,9 @@ class FeedItem_Atom extends FeedItem_Common {
 				if ($link->getAttribute("rel") == "enclosure") {
 					$enc = new FeedEnclosure();
 
-					$enc->type = $link->getAttribute("type");
-					$enc->link = $link->getAttribute("href");
-					$enc->length = $link->getAttribute("length");
+					$enc->type = clean($link->getAttribute("type"));
+					$enc->link = clean($link->getAttribute("href"));
+					$enc->length = clean($link->getAttribute("length"));
 
 					array_push($encs, $enc);
 				}
@@ -147,12 +147,12 @@ class FeedItem_Atom extends FeedItem_Common {
 		$lang = $this->elem->getAttributeNS(self::NS_XML, "lang");
 
 		if (!empty($lang)) {
-			return $lang;
+			return clean($lang);
 		} else {
 			// Fall back to the language declared on the feed, if any.
 			foreach ($this->doc->childNodes as $child) {
 				if (method_exists($child, "getAttributeNS")) {
-					return $child->getAttributeNS(self::NS_XML, "lang");
+					return clean($child->getAttributeNS(self::NS_XML, "lang"));
 				}
 			}
 		}
-- 
cgit v1.2.3